Overview and Scope of Workshop:

As the area of online social networking develops and many online services add social features to their offerings, the definition of online social networking services broadens. Online social networking services range from social-interaction-centered sites such as Facebook or MySpace, to information-dissemination-centric services such as Twitter or Google Buzz, to social interaction features added to existing sites and services such as Flickr or Amazon. Each of these services has different characteristics of social interaction, and different vulnerabilities that expose it to attack.

The value of online social networking sites stems from people spending a great deal of their time on these networks. Updating their personal profiles, browsing for social or professional interactions or taking part in socially oriented online applications and events, people nowadays become immersed in their preferred online social environments, creating an exciting entanglement between their real and virtual identities. However, this immersion also holds great perils for the users, their friends and their employers, and may even endanger national security.

There is a great deal of information in the patterns of communication exercised by the user with his peers. These patterns are affected by many factors of relationship and context, and could be used in reverse, to infer the relationship and context. Later on, these relationships can be further used to deduce additional private information that was intended to remain undisclosed. A recent study carried out at MIT was said to reveal the sexual orientation of Internet users based on their social network contacts. In this example, the users whose privacy was compromised did not even place this information online; rather, they revealed their social interactions with users who apparently did disclose this information.

Yet, in other cases, this problem can become even worse, due to the (false) assumption of users that information that is marked as "private" will remain private and will not be disclosed by the network. Indeed, although the operators of social networks rarely betray the confidence of their users, no security mechanism is perfect. As these networks often utilize standard (and not necessarily updated) security methods, a determined attacker can sometimes gain unauthorized access to such information. The combination of sensitive private information, managed by users who are not security aware, in an environment that is not hermetically sealed is a sure cause of frequent leaks of private information and identity theft.

This problem becomes even more threatening when viewed from the corporate (or even national) perspective. Users who possess sensitive commercial or security-related information are expected to be under severe control in their workplaces. However, while interacting virtually in social networks, the same people often tend to shed their precautions, supported by a false sense of intimacy and privacy, while being unaware of the damage their naive behavior may cause. As it is hard (and sometimes illegal) to monitor the behavior of online social network users, these platforms pose a significant threat to the safety and privacy of sensitive information. Hard to detect and almost impossible to prevent, leaks of business, military or governmental data through social networks could become the security epidemic of the 21st century.

The workshop aims to bring to the forefront innovative approaches for analyzing and enhancing the security and privacy dimensions in online social networks. In order to facilitate the transition of such methods from theory to mechanisms designed and deployed in existing online social networking services, we need to create a common language between the researchers and practitioners of this new area -- spanning from the theory of computational social sciences to conventional security and network engineering.